First published: Wed Apr 15 2020(Updated: )
A vulnerability in the web server for Cisco IP Phones could allow an unauthenticated, remote attacker to execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. The vulnerability is due to a lack of proper input validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web server of a targeted device. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a DoS condition.
Credit: ykramarz@cisco.com ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco Ip Phone 8865 Firmware | =10.3\(1\)es14 | |
Cisco Ip Phone 8865 Firmware | =11.0\(1\) | |
Cisco Ip Phone 8865 Firmware | =11.0\(5\)sr1 | |
Cisco Ip Phone 8865 | ||
Cisco Ip Phone 8851 Firmware | =10.3\(1\)es14 | |
Cisco Ip Phone 8851 Firmware | =11.0\(1\) | |
Cisco Ip Phone 8851 Firmware | =11.0\(5\)sr1 | |
Cisco IP Phone 8851 | ||
Cisco Ip Phone 7841 Firmware | =11.0\(1\) | |
Cisco Ip Phone 7841 | ||
Cisco Ip Phone 7821 Firmware | =11.0\(1\) | |
Cisco Ip Phone 7821 | ||
Cisco Ip Phone 8811 Firmware | =10.3\(1\)es14 | |
Cisco Ip Phone 8811 Firmware | =11.0\(1\) | |
Cisco Ip Phone 8811 Firmware | =11.0\(5\)sr1 | |
Cisco Ip Phone 8811 | ||
Cisco Ip Phone 8861 Firmware | =10.3\(1\)es14 | |
Cisco Ip Phone 8861 Firmware | =11.0\(1\) | |
Cisco Ip Phone 8861 Firmware | =11.0\(5\)sr1 | |
Cisco Ip Phone 8861 | ||
Cisco Ip Phone 8845 Firmware | =10.3\(1\)es14 | |
Cisco Ip Phone 8845 Firmware | =11.0\(1\) | |
Cisco Ip Phone 8845 Firmware | =11.0\(5\)sr1 | |
Cisco Ip Phone 8845 | ||
Cisco Ip Phone 7861 Firmware | =11.0\(1\) | |
Cisco IP Phone 7861 | ||
Cisco Ip Phone 8841 Firmware | =10.3\(1\)es14 | |
Cisco Ip Phone 8841 Firmware | =11.0\(1\) | |
Cisco Ip Phone 8841 Firmware | =11.0\(5\)sr1 | |
Cisco Ip Phone 8841 | ||
Cisco Ip Phone 7811 Firmware | =11.0\(1\) | |
Cisco Ip Phone 7811 | ||
Cisco Ip Phone 8821 Firmware | =10.3\(1\)es14 | |
Cisco Ip Phone 8821 Firmware | =11.0\(1\) | |
Cisco Ip Phone 8821 Firmware | =11.0\(5\)sr1 | |
Cisco Ip Phone 8821 | ||
Cisco Ip Phone 8821-ex Firmware | =10.3\(1\)es14 | |
Cisco Ip Phone 8821-ex Firmware | =11.0\(1\) | |
Cisco Ip Phone 8821-ex Firmware | =11.0\(5\)sr1 | |
Cisco Ip Phone 8821-ex | ||
Cisco 8831 Firmware | =10.3\(1\)es14 | |
Cisco 8831 Firmware | =11.0\(1\) | |
Cisco 8831 Firmware | =11.0\(5\)sr1 | |
Cisco 8831 | ||
Cisco Cisco IP Phones | ||
All of | ||
Any of | ||
Cisco Ip Phone 8865 Firmware | =10.3\(1\)es14 | |
Cisco Ip Phone 8865 Firmware | =11.0\(1\) | |
Cisco Ip Phone 8865 Firmware | =11.0\(5\)sr1 | |
Cisco Ip Phone 8865 | ||
All of | ||
Any of | ||
Cisco Ip Phone 8851 Firmware | =10.3\(1\)es14 | |
Cisco Ip Phone 8851 Firmware | =11.0\(1\) | |
Cisco Ip Phone 8851 Firmware | =11.0\(5\)sr1 | |
Cisco IP Phone 8851 | ||
All of | ||
Cisco Ip Phone 7841 Firmware | =11.0\(1\) | |
Cisco Ip Phone 7841 | ||
All of | ||
Cisco Ip Phone 7821 Firmware | =11.0\(1\) | |
Cisco Ip Phone 7821 | ||
All of | ||
Any of | ||
Cisco Ip Phone 8811 Firmware | =10.3\(1\)es14 | |
Cisco Ip Phone 8811 Firmware | =11.0\(1\) | |
Cisco Ip Phone 8811 Firmware | =11.0\(5\)sr1 | |
Cisco Ip Phone 8811 | ||
All of | ||
Any of | ||
Cisco Ip Phone 8861 Firmware | =10.3\(1\)es14 | |
Cisco Ip Phone 8861 Firmware | =11.0\(1\) | |
Cisco Ip Phone 8861 Firmware | =11.0\(5\)sr1 | |
Cisco Ip Phone 8861 | ||
All of | ||
Any of | ||
Cisco Ip Phone 8845 Firmware | =10.3\(1\)es14 | |
Cisco Ip Phone 8845 Firmware | =11.0\(1\) | |
Cisco Ip Phone 8845 Firmware | =11.0\(5\)sr1 | |
Cisco Ip Phone 8845 | ||
All of | ||
Cisco Ip Phone 7861 Firmware | =11.0\(1\) | |
Cisco IP Phone 7861 | ||
All of | ||
Any of | ||
Cisco Ip Phone 8841 Firmware | =10.3\(1\)es14 | |
Cisco Ip Phone 8841 Firmware | =11.0\(1\) | |
Cisco Ip Phone 8841 Firmware | =11.0\(5\)sr1 | |
Cisco Ip Phone 8841 | ||
All of | ||
Cisco Ip Phone 7811 Firmware | =11.0\(1\) | |
Cisco Ip Phone 7811 | ||
All of | ||
Any of | ||
Cisco Ip Phone 8821 Firmware | =10.3\(1\)es14 | |
Cisco Ip Phone 8821 Firmware | =11.0\(1\) | |
Cisco Ip Phone 8821 Firmware | =11.0\(5\)sr1 | |
Cisco Ip Phone 8821 | ||
All of | ||
Any of | ||
Cisco Ip Phone 8821-ex Firmware | =10.3\(1\)es14 | |
Cisco Ip Phone 8821-ex Firmware | =11.0\(1\) | |
Cisco Ip Phone 8821-ex Firmware | =11.0\(5\)sr1 | |
Cisco Ip Phone 8821-ex | ||
All of | ||
Any of | ||
Cisco 8831 Firmware | =10.3\(1\)es14 | |
Cisco 8831 Firmware | =11.0\(1\) | |
Cisco 8831 Firmware | =11.0\(5\)sr1 | |
Cisco 8831 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this Cisco IP Phones vulnerability is CVE-2020-3161.
CVE-2020-3161 has a severity level of 9.8 (Critical).
The Cisco IP Phones vulnerability affects Cisco IP Phones with specific firmware versions.
CVE-2020-3161 can allow an unauthenticated remote attacker to execute code with root privileges or cause a denial-of-service (DoS) condition on an affected Cisco IP Phone.
To fix the Cisco IP Phones vulnerability, users should update the firmware of their Cisco IP Phones to a non-vulnerable version.